<?php
include("head.php");
$title = $_POST["title"];
$title = htmlspecialchars($title);
$title = getspam($title);
$pmtext = $_POST["pmtext"];
$pmid = $_GET["pmid"];
$time = $_GET["time"];
/////////////////////////////////////////////////////////////////////
if($action=="sendpm")
{
echo "<div><br/>Send PM<br/></div>";
echo "<p align=\"center\">";
$whonick = getnick_uid($who);
$byuid = getuid_sid($sid);
$tm = time();
$lastpm = mysql_fetch_array(mysql_query("SELECT MAX(timesent) FROM ibwf_private WHERE byuid='".$byuid."'"));
$pmfl = $lastpm[0]+getpmaf();
if($byuid==1218)$pmfl=0;
if((isinvisable(getuid_sid($sid)))&&(isonline($who))&&(!isvip($who))){
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>";
echo "Turn Your Invisability Off First!<br/><br/>";
}else{
if($pmfl<$tm)
{
if((!isblocked($pmtext,$byuid))&&(!isblocked($title,$byuid)))
{
if((!isignored($byuid, $who))&&(!istrashed($byuid)))
{
$res = mysql_query("INSERT INTO ibwf_private SET title='".$title."', text='".$pmtext."', byuid='".$byuid."', touid='".$who."', timesent='".$tm."'");
$psdtext = mysql_fetch_array(mysql_query("SELECT text FROM ibwf_private WHERE byuid='".$byuid."' AND touid='".$who."' AND timesent='".$tm."'"));
}else{
$res = true;
}
if($res)
{
echo "<img src=\"images$folder/ok.gif\" alt=\"O\"/>";
echo "PM was sent successfully to $whonick<br/><br/>";
if($title!=""){
echo "<br/><u>$title</u><br/><br/>";
}
$pmtext = str_replace(array("\r\n", "\r", "\n"), "<br/>", $pmtext);
echo parsepm($psdtext[0], $sid);
}else{
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>";
echo "Can't Send PM to $whonick<br/><br/>";
}
}else{
$bantime = time() + (7*24*60*60);
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>";
echo "Can't Send PM to $whonick<br/><br/>";
echo "DONT SPAM!!!<br/> as a result of your action:<br/>1. You have lost your shield!<br/>2. You have lost all your plusses!<br/>3. AUTOMATIC BAN!";
mysql_query("INSERT INTO ibwf_penalties SET uid='".$byuid."', penalty='1', exid='1', timeto='".$bantime."', pnreas='Banned: Automatic Ban for spamming'");
mysql_query("UPDATE ibwf_users SET plusses='0', shield='0' WHERE id='".$byuid."'");
mysql_query("INSERT INTO ibwf_private SET text='[spam]".$pmtext."[br/]This Idiot Is Banned', byuid='".$byuid."', touid='407', timesent='".$tm."'");
mysql_query("INSERT INTO ibwf_private SET text='[spam]".$pmtext."[br/]This Idiot Is Banned', byuid='".$byuid."', touid='1', timesent='".$tm."'");
mysql_query("INSERT INTO ibwf_private SET text='[spam]".$pmtext."[br/]This Idiot Is Banned', byuid='".$byuid."', touid='10', timesent='".$tm."'");
}
}else{
$rema = $pmfl - $tm;
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>";
echo "Flood control: $rema Seconds<br/><br/>";
}
echo "<br/><br/><a href=\"inbxproc.php?action=admdel&who=$who&time=$tm\">Delete ?</a><br/>";
}
echo "<br/><br/><a href=\"inbox.php?action=main\">Back to Inbox</a><br/>";
$inb = mysql_fetch_array(mysql_query("SELECT inbox FROM ibwf_users WHERE id='".$uid."'"));
if($inb[0]!=""){
echo"<b><small>Or<br/></small></b>";
$place = str_replace("-","&",$inb[0]);
$place = str_replace("**","=",$place);
$place = str_replace("ZE*RO","",$place);
$place = explode("*",$place);
echo "<a href=\"$place[0].php?action=$place[1]\"/>Back to $place[2]</a><br/>";
}
echo getfoot($sid,$folder);
exit();
}
/////////////////////////////////////////////////////////////////////
if($action=="sendpmx")
{
echo "<div><br/>Send PM<br/></div>";
echo "<p align=\"center\">";
$whonick = getnick_uid($who);
$byuid = getuid_sid($sid);
$tm = time();
$lastpm = mysql_fetch_array(mysql_query("SELECT MAX(timesent) FROM ibwf_private WHERE byuid='".$byuid."'"));
$pmfl = $lastpm[0]+getpmaf();
if($byuid==1218)$pmfl=0;
if((isinvisable(getuid_sid($sid)))&&(isonline($who))&&(!isvip($who))){
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>";
echo "Turn Your Invisability Off First!<br/><br/>";
}else{
if($pmfl<$tm)
{
if((!isblocked($pmtext,$byuid))&&(!isblocked($title,$byuid)))
{
if((!isignored($byuid, $who))&&(!istrashed($byuid)))
{
$res = mysql_query("INSERT INTO ibwf_private SET title='".$title."', text='".$pmtext."', byuid='".$byuid."', touid='".$who."', timesent='".$tm."'");
$psdtext = mysql_fetch_array(mysql_query("SELECT text, id FROM ibwf_private WHERE byuid='".$byuid."' AND touid='".$who."' AND timesent='".$tm."'"));
}else{
$res = true;
}
if($res)
{
///////////////////////
$size_bytes=99999999999;
$kb = $size_bytes / 1024;
$extlimit="yes";
$limitedext=array(".jpg",".jpeg",".gif",".png",".mid",".wma",".amr",".sis",".sisx",".jar",".jad",".3gp",".mp4",".avi",".mov",".wmv",".mpg",".mpeg",".zip",".swf",".rar",".wav",".nth");
$ext=strtolower(strrchr($_FILES['filetoupload'][name],'.'));
$file_type=$_FILES['filetoupload']['type'];
$file_name=$_FILES['filetoupload']['name'];
$file_size=$_FILES['filetoupload']['size'];
$file_tmp=$_FILES['filetoupload']['tmp_name'];
$nop = substr_count($file_name,"php");
$now = substr_count($file_name,"wml");
$noh = substr_count($file_name,"htm");
if(!is_uploaded_file($_FILES['filetoupload']['tmp_name'])){
echo "<img src=\"../images$folder/notok.gif\" alt=\"[x]\"/>No file selected!<br/>";
}
else if($extlimit=="yes" && !in_array($ext,$limitedext)){
echo "<img src=\"../images$folder/notok.gif\" alt=\"[x]\"/>Invalid file type!<br/>";
mysql_query("INSERT INTO ibwf_mlog SET action='Dodgy', details='<b>".getnick_uid(getuid_sid($sid))."</b> Attempted to upload a $ext file!', actdt='".time()."'");
}
//////////////////////////////////////anti hack
else if($nop>0||$now>0||$noh>0){
echo "<img src=\"../images$folder/notok.gif\" alt=\"[x]\"/>Invalid file type!<br/>";
mysql_query("INSERT INTO ibwf_mlog SET action='Dodgy', details='<b>".getnick_uid(getuid_sid($sid))."</b> Attempted to upload $file_name !', actdt='".time()."'");
}
////////////////
else if($file_size>$size_bytes){
echo "<img src=\"../images$folder/notok.gif\" alt=\"[x]\"/>Exceeded File size limit! Maximum <b>$kb</b> Kb.<br/>";
}
else if(file_exists("./hidemyass/$file_name")){
echo "<img src=\"../images$folder/notok.gif\" alt=\"[x]\"/>Filename already exists!<br/>";
}
else if($file_size){
$file_name2=str_replace(" ","",$file_name);
$file_name2=str_replace("'","",$file_name2);
$file_name2=str_replace("$","",$file_name2);
$file_name2=str_replace("%20","",$file_name2);
$file_name2=str_replace("~","",$file_name2);
$filename=explode(".",$file_name);
$size = $file_size/1024;
mysql_query("INSERT INTO download_inbox SET filename='".$file_name2."', pmid='".$psdtext[1]."', size='".$size."'");
move_uploaded_file($file_tmp, "./hidemyass/$file_name2");
echo "<br/>$file_name2<br/>
successfully uploaded!<br/>";
}
else{
echo "<img src=\"../images$folder/notok.gif\" alt=\"[x]\"/>Unknown error! Pls try again...<br/>";
}
////////////////////
echo "<img src=\"images$folder/ok.gif\" alt=\"O\"/>";
echo "PM was sent successfully to $whonick<br/><br/>";
if($title!=""){
echo "<br/><u>$title</u><br/><br/>";
}
$pmtext = str_replace(array("\r\n", "\r", "\n"), "<br/>", $pmtext);
echo parsepm($psdtext[0], $sid);
}else{
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>";
echo "Can't Send PM to $whonick<br/><br/>";
}
}else{
$bantime = time() + (7*24*60*60);
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>";
echo "Can't Send PM to $whonick<br/><br/>";
echo "DONT SPAM!!!<br/> as a result of your action:<br/>1. You have lost your shield!<br/>2. You have lost all your plusses!<br/>3. AUTOMATIC BAN!";
mysql_query("INSERT INTO ibwf_penalties SET uid='".$byuid."', penalty='1', exid='1', timeto='".$bantime."', pnreas='Banned: Automatic Ban for spamming'");
mysql_query("UPDATE ibwf_users SET plusses='0', shield='0' WHERE id='".$byuid."'");
mysql_query("INSERT INTO ibwf_private SET text='[spam]".$pmtext."[br/]This Idiot Is Banned', byuid='".$byuid."', touid='407', timesent='".$tm."'");
mysql_query("INSERT INTO ibwf_private SET text='[spam]".$pmtext."[br/]This Idiot Is Banned', byuid='".$byuid."', touid='1', timesent='".$tm."'");
mysql_query("INSERT INTO ibwf_private SET text='[spam]".$pmtext."[br/]This Idiot Is Banned', byuid='".$byuid."', touid='10', timesent='".$tm."'");
}
}else{
$rema = $pmfl - $tm;
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>";
echo "Flood control: $rema Seconds<br/><br/>";
}
echo "<br/><br/><a href=\"inbxproc.php?action=admdel&who=$who&time=$tm\">Delete ?</a><br/>";
}
echo "<br/><br/><a href=\"inbox.php?action=main\">Back to Inbox</a><br/>";
$inb = mysql_fetch_array(mysql_query("SELECT inbox FROM ibwf_users WHERE id='".$uid."'"));
if($inb[0]!=""){
echo"<b><small>Or<br/></small></b>";
$place = str_replace("-","&",$inb[0]);
$place = str_replace("**","=",$place);
$place = str_replace("ZE*RO","",$place);
$place = explode("*",$place);
echo "<a href=\"$place[0].php?action=$place[1]\"/>Back to $place[2]</a><br/>";
}
echo getfoot($sid,$folder);
exit();
}
//////////////////////////////////////////////
else if($action=="sendto")
{
echo "<div><br/>Send PM<br/></div>";
echo "<p align=\"center\">";
$who = $_POST["who"];
$who = getuid_nick($who);
if((isinvisable(getuid_sid($sid)))&&(isonline($who))&&(!isvip($who))){
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>";
echo "Turn Your Invisability Off First!<br/><br/>";
}else{
if($who==0)
{
echo "<img src=\"images$folder/notok.gif\" alt=\"x\"/>User Doesn't exist<br/>";
}else{
$whonick = getnick_uid($who);
$byuid = getuid_sid($sid);
$tm = time();
$lastpm = mysql_fetch_array(mysql_query("SELECT MAX(timesent) FROM ibwf_private WHERE byuid='".$byuid."'"));
$pmfl = $lastpm[0]+getpmaf();
if($pmfl<$tm)
{
if((!isblocked($pmtext,$byuid))&&(!isblocked($title,$byuid)))
{
if((!isignored($byuid, $who))&&(!istrashed($byuid)))
{
$res = mysql_query("INSERT INTO ibwf_private SET title='".$title."', text='".$pmtext."', byuid='".$byuid."', touid='".$who."', timesent='".$tm."'");
$psdtext = mysql_fetch_array(mysql_query("SELECT text FROM ibwf_private WHERE byuid='".$byuid."' AND touid='".$who."' AND timesent='".$tm."'"));
}else{
$res = true;
}
if($res)
{
echo "<img src=\"images$folder/ok.gif\" alt=\"O\"/>";
echo "PM was sent successfully to $whonick<br/><br/>";
if($title!=""){
echo "<br/><u>$title</u><br/><br/>";
}
$pmtext = str_replace(array("\r\n", "\r", "\n"), "<br/>", $pmtext);
echo parsepm($psdtext[0], $sid);
}else{
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>";
echo "Can't Send PM to $whonick<br/><br/>";
}
}else{
$bantime = time() + (7*24*60*60);
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>";
echo "Can't Send PM to $whonick<br/><br/>";
echo "DONT SPAM!!!<br/> as a result of your action:<br/>1. You have lost your shield!<br/>2. You have lost all your plusses!<br/>3. AUTOMATIC BAN!";
mysql_query("INSERT INTO ibwf_penalties SET uid='".$byuid."', penalty='1', exid='1', timeto='".$bantime."', pnreas='Banned: Automatic Ban for spamming'");
mysql_query("UPDATE ibwf_users SET plusses='0', shield='0' WHERE id='".$byuid."'");
mysql_query("INSERT INTO ibwf_private SET text='".$pmtext."', byuid='".$byuid."', touid='2', timesent='".$tm."', reported='1'");
}
}else{
$rema = $pmfl - $tm;
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>";
echo "Flood control: $rema Seconds<br/><br/>";
}
}
}
echo "<br/><br/><a href=\"inbox.php?action=main\">Back to Inbox</a><br/>";
$inb = mysql_fetch_array(mysql_query("SELECT inbox FROM ibwf_users WHERE id='".$uid."'"));
if($inb[0]!=""){
echo"<b><small>Or<br/></small></b>";
$place = str_replace("-","&",$inb[0]);
$place = str_replace("**","=",$place);
$place = str_replace("ZE*RO","",$place);
$place = explode("*",$place);
echo "<a href=\"$place[0].php?action=$place[1]\"/>Back to $place[2]</a><br/>";
}
echo getfoot($sid,$folder);
exit();
}
////////////////////////////////////////////////
else if($action=="proc")
{
$pmact = $_POST["pmact"];
$pact = explode("-",$pmact);
$pmid = $pact[1];
$pact = $pact[0];
echo "<div><br/>Inbox<br/></div>";
echo "<p align=\"center\">";
$pminfo = mysql_fetch_array(mysql_query("SELECT text, byuid, touid, reported, title FROM ibwf_private WHERE id='".$pmid."'"));
if($pact=="del")
{
addonline(getuid_sid($sid),"Deleting PM","");
if(getuid_sid($sid)==$pminfo[2])
{
if($pminfo[3]=="1")
{
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>Can't Delete PM At The Moment";
}else{
$del = mysql_query("DELETE FROM ibwf_private WHERE id='".$pmid."' ");
if($del)
{
echo "<img src=\"images$folder/ok.gif\" alt=\"O\"/>PM deleted successfully";
}else{
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>Can't Delete PM at the moment";
}
}
}else{
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>This PM ain't yours";
}
}else if($pact=="str")
{
addonline(getuid_sid($sid),"Starring PM","");
if(getuid_sid($sid)==$pminfo[2])
{
$str = mysql_query("UPDATE ibwf_private SET starred='1' WHERE id='".$pmid."' ");
if($str)
{
echo "<img src=\"images$folder/ok.gif\" alt=\"O\"/>PM starred successfully";
}else{
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>Can't star PM at the moment";
}
}else{
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>This PM ain't yours";
}
}else if($pact=="ust")
{
addonline(getuid_sid($sid),"Unstarring PM","");
if(getuid_sid($sid)==$pminfo[2])
{
$str = mysql_query("UPDATE ibwf_private SET starred='0' WHERE id='".$pmid."' ");
if($str)
{
echo "<img src=\"images$folder/ok.gif\" alt=\"O\"/>PM unstarred successfully";
}else{
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>Can't unstar PM at the moment";
}
}else{
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>This PM ain't yours";
}
}else if($pact=="rpt")
{
addonline(getuid_sid($sid),"Reporting PM","");
if(getuid_sid($sid)==$pminfo[2])
{
if($pminfo[3]=="0")
{
$str = mysql_query("UPDATE ibwf_private SET reported='1' WHERE id='".$pmid."' ");
if($str)
{
echo "<img src=\"images$folder/ok.gif\" alt=\"O\"/>PM reported to mods successfully";
}else{
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>Can't report PM at the moment";
}
}else{
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>This PM is already reported";
}
}else{
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>This PM ain't yours";
}
}
else if($pact=="frd")
{
addonline(getuid_sid($sid),"Forwarding PM","");
if(getuid_sid($sid)==$pminfo[2]||getuid_sid($sid)==$pminfo[1])
{
echo "Forward to E-Mail:<br/><br/>";
echo "</p>";
echo "<form action=\"inbxproc.php?action=frdpm&who=$pminfo[1]&rid=$rid&rpw=$rpw\" method=\"post\">";
echo "<input name=\"email\" maxlength=\"500\"/><br/>";
echo "<input name=\"pmid\" value=\"$pmid\" type=\"hidden\"/><br/>";
echo "<input type=\"submit\" value=\"Forward\"/>";
echo "</form>";
echo "<p align=\"center\">";
}else{
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>This PM ain't yours";
}
}
else if($pact=="dnl")
{
addonline(getuid_sid($sid),"Downloading PM","");
if(getuid_sid($sid)==$pminfo[2]||getuid_sid($sid)==$pminfo[1])
{
echo "<img src=\"images$folder/ok.gif\" alt=\"X\"/>request processed successfully<br/><br/>";
echo "<a href=\"rwdpm.php?action=dpm&pmid=$pmid\">Download PM</a>";
}else{
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>This PM ain't yours";
}
}
//////////////////////////
else if($pact=="rnm"){
addonline(getuid_sid($sid),"Renaming PM","");
if($pminfo[2]=="$uid"){
echo "</p>";
echo "<form action=\"inbxproc.php?action=title&pmid=$pmid\" method=\"post\">";
echo "<input name=\"title\" maxlength=\"50\" value=\"$pminfo[4]\"/><br/>";
echo "<input type=\"submit\" value=\"Change\"/>";
echo "</form>";
echo "<p align=\"center\">";
}else{
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>This Pm Isnt Yours!<br/><br/>";
}
}
echo "<br/><br/><a href=\"inbox.php?action=main\">Back to Inbox</a><br/>";
$inb = mysql_fetch_array(mysql_query("SELECT inbox FROM ibwf_users WHERE id='".$uid."'"));
if($inb[0]!=""){
echo"<b><small>Or<br/></small></b>";
$place = str_replace("-","&",$inb[0]);
$place = str_replace("**","=",$place);
$place = str_replace("ZE*RO","",$place);
$place = explode("*",$place);
echo "<a href=\"$place[0].php?action=$place[1]\"/>Back to $place[2]</a><br/>";
}
echo getfoot($sid,$folder);
exit();
}
///////////////////////////////////////////////////////
else if($action=="proall")
{
$fid = $_GET["fid"];
$sure = $_GET["sure"];
echo "<div><br/>Delete PM<br/></div>";
echo "<p align=\"center\">";
addonline(getuid_sid($sid),"Deleting PMs","");
$uid = getuid_sid($sid);
if($fid!="old"){
$folder = mysql_fetch_array(mysql_query("SELECT name, uid FROM inbox_folders WHERE id='".$fid."'"));
$fname = $folder[0];
}
$uid = getuid_sid($sid);
if(($folder[1]==$uid)||($fid=="old")){
if($sure==""){
if($folder[0]==""){
$fname = "Recycle Bin";
}
echo "Are You Sure You Want To Delete All Pms From $fname?<br/>";
echo "<a href=\"inbxproc.php?action=proall&fid=$fid&sure=1\">Yes</a><br/>";
echo "<a href=\"inbox.php?action=folder&fid=$fid\">No</a><br/>";
}else{
$del = mysql_query("DELETE FROM ibwf_private WHERE touid='".$uid."' AND reported!='1' AND fid='".$fid."' AND starred='0' And unread='0'");
if($del)
{
echo "<img src=\"images$folder/ok.gif\" alt=\"O\"/>All Pms Except Reported Are Deleted Successfully From $folder[0]";
}else{
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>Can't Delete Pms at the moment";
}
}
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>This Folder Does Not Belong To You!";
}
echo "<br/><br/><a href=\"inbox.php?action=main\">Back to Inbox</a><br/>";
$inb = mysql_fetch_array(mysql_query("SELECT inbox FROM ibwf_users WHERE id='".$uid."'"));
if($inb[0]!=""){
echo"<b><small>Or<br/></small></b>";
$place = str_replace("-","&",$inb[0]);
$place = str_replace("**","=",$place);
$place = str_replace("ZE*RO","",$place);
$place = explode("*",$place);
echo "<a href=\"$place[0].php?action=$place[1]\"/>Back to $place[2]</a><br/>";
}
echo getfoot($sid,$folder);
exit();
}
///////////////////////////////////////////////////////////
else if($action=="frdpm")
{
$email = $_POST["email"];
$pmid = $_POST["pmid"];
addonline(getuid_sid($sid),"Forwarding PM","");
echo "<div><br/>Forward PM<br/></div>";
echo "<p align=\"center\">";
$pminfo = mysql_fetch_array(mysql_query("SELECT text, byuid, timesent,touid, reported FROM ibwf_private WHERE id='".$pmid."'"));
if(($pminfo[3]==getuid_sid($sid))||($pminfo[1]==getuid_sid($sid)))
{
$from_head = "From: noreplay@wapirate.wen.ru";
$subject = "PM By ".getnick_uid($pminfo[1])." To ".getnick_uid($pminfo[3])." (wapirate.wen.ru)";
$content = "Date: ".date("l d/m/y H:i:s", $pminfo[2])."\n\n";
$content .= $pminfo[0]."\n------------------------\n";
$content .= "wapirate.wen.ru: The best wap community!";
mail($email, $subject, $content, $from_head);
echo "<img src=\"images$folder/ok.gif\" alt=\"X\"/>PM forwarded to $email";
}else{
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>This PM ain't yours";
}
echo "<br/><br/><a href=\"inbox.php?action=main\">Back to Inbox</a><br/>";
$inb = mysql_fetch_array(mysql_query("SELECT inbox FROM ibwf_users WHERE id='".$uid."'"));
if($inb[0]!=""){
echo"<b><small>Or<br/></small></b>";
$place = str_replace("-","&",$inb[0]);
$place = str_replace("**","=",$place);
$place = str_replace("ZE*RO","",$place);
$place = explode("*",$place);
echo "<a href=\"$place[0].php?action=$place[1]\"/>Back to $place[2]</a><br/>";
}
echo getfoot($sid,$folder);
exit();
}
////////////////////////////////////////////////////////////////////
else if($action=="admdel")
{
addonline(getuid_sid($sid),"Deleting PM","");
echo "<div><br/>Delete PM<br/></div>";
echo "<p align=\"center\">";
$whonick = getnick_uid($who);
echo "Delete PM to $whonick<br/><br/>";
$inb = mysql_fetch_array(mysql_query("SELECT unread FROM ibwf_private WHERE touid='".$who."' AND byuid='".$uid."' And timesent='".$time."'"));
if($inb[0]=="1"){
$del = mysql_query("DELETE FROM ibwf_private WHERE touid='".$who."' AND byuid='".$uid."' And timesent='".$time."'");
if($del)
{
echo "<img src=\"images$folder/ok.gif\" alt=\"O\"/>PM deleted successfully";
}else{
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>Database Error";
}
}else{
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>Message Is Already Read";
}
echo "<br/><br/><a href=\"inbox.php?action=main\">Back to Inbox</a><br/>";
$inba = mysql_fetch_array(mysql_query("SELECT inbox FROM ibwf_users WHERE id='".$uid."'"));
if($inba[0]!=""){
$place = str_replace("-","&",$inba[0]);
$place = str_replace("**","=",$place);
$place = str_replace("ZE*RO","",$place);
$place = explode("*",$place);
echo "<a href=\"$place[0].php?action=$place[1]\"/>Back to $place[2]</a><br/>";
}
echo getfoot($sid,$folder);
exit();
}
//////////////////////////////////////
else if($action=="title")
{
addonline(getuid_sid($sid),"Sending PM","");
echo "<div><br/>Rename Title<br/></div>";
echo "<p align=\"center\">";
$inb = mysql_fetch_array(mysql_query("SELECT touid FROM ibwf_private WHERE id='".$pmid."'"));
if($inb[0]=="$uid"){
$res = mysql_query("UPDATE ibwf_private SET title='".$title."' WHERE id='".$pmid."'");
if($res)
{
echo "<img src=\"images/ok.gif\" alt=\"O\"/>Title Renamed Successfully<br/><br/>";
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Error Renaming Title!<br/><br/>";
}
}else{
echo "<img src=\"images$folder/notok.gif\" alt=\"X\"/>This Pm Isnt Yours!<br/><br/>";
}
echo "<br/><a href=\"inbox.php?action=main\">Back to Inbox</a><br/>";
$inba = mysql_fetch_array(mysql_query("SELECT inbox FROM ibwf_users WHERE id='".$uid."'"));
if($inba[0]!=""){
$place = str_replace("-","&",$inb[0]);
$place = str_replace("**","=",$place);
$place = str_replace("ZE*RO","",$place);
$place = explode("*",$place);
echo "<a href=\"$place[0].php?action=$place[1]\"/>Back to $place[2]</a><br/>";
}
echo getfoot($sid,$folder);
exit();
}
////////////////////////////////rename done
else if($action=="rename")
{
addonline(getuid_sid($sid),"Renaming PM Folder","");
$fid = mysql_real_escape_string($_POST["fid"]);
$folder = mysql_fetch_array(mysql_query("SELECT name, pic, uid FROM inbox_folders WHERE id='".$fid."'"));
if($folder[2]!=$uid){
echo "<div><br/>Doh!br/></div>";
echo "<p align=\"center\">";
echo "<img src=\"images/notok.gif\" alt=\"X\"/>This Folder Does Not Belong To You!<br/><br/>";
echo "<br/><br/>";
echo getfoot($sid,$folder);
exit();
}
echo "<div><br/>Rename Folder<br/></div>";
$newname = mysql_real_escape_string($_POST["newname"]);
$type = mysql_real_escape_string($_POST["type"]);
echo "<p align=\"center\">";
$res = mysql_query("UPDATE inbox_folders SET name='".$newname."', pic='".$type."' WHERE id='".$fid."'");
if($res)
{
echo "<img src=\"images/ok.gif\" alt=\"O\"/>Folder Renamed Successfully<br/><br/>";
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Error Renaming Folder!<br/><br/>";
}
echo "<br/><br/>";
echo "<a href=\"inbox.php?action=main\">Back to Inbox</a><br/>";
$inb = mysql_fetch_array(mysql_query("SELECT inbox FROM ibwf_users WHERE id='".$uid."'"));
if($inb[0]!=""){
$place = str_replace("-","&",$inb[0]);
$place = str_replace("**","=",$place);
$place = str_replace("ZE*RO","",$place);
$place = explode("*",$place);
echo "<a href=\"$place[0].php?action=$place[1]\"/>Back to $place[2]</a><br/>";
}
echo getfoot($sid,$folder);
exit();
}
///////////////////////////////////////////////////////////
else if($action=="delf")
{
addonline(getuid_sid($sid),"Deleting PM Folder","");
echo "<div><br/>Delete Folder<br/></div>";
echo "<p align=\"center\">";
$fid = $_GET["fid"];
$sure = $_GET["sure"];
$folder = mysql_fetch_array(mysql_query("SELECT name, uid FROM inbox_folders WHERE id='".$fid."'"));
$uid = getuid_sid($sid);
if($folder[1]==$uid){
if($sure==""){
echo "Are You Sure You Want To Delete $folder[0]?<br/>";
echo "<a href=\"inbxproc.php?action=delf&fid=$fid&sure=1\">Yes</a><br/>";
echo "<a href=\"inbox.php?action=folder&fid=$fid\">No</a><br/>";
}else{
$res = mysql_query("DELETE FROM inbox_folders WHERE id='".$fid."'");
$sql = "SELECT fid FROM ibwf_private WHERE fid='".$fid."'";
$items = mysql_query($sql);
echo mysql_error();
if(mysql_num_rows($items)>0)
{
while ($item = mysql_fetch_array($items))
{
$sql = mysql_query("UPDATE ibwf_private SET fid='' WHERE fid='".$fid."'");
}
}
if($res)
{
echo "<img src=\"images/ok.gif\" alt=\"O\"/>Folder Deleted Successfully<br/><br/>";
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Error Deleting Folder!<br/><br/>";
}
}
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>This Folder Does Not Belong To You!<br/><br/>";
}
echo "<br/><br/>";
echo "<a href=\"inbox.php?action=main\">Back to Inbox</a><br/>";
$inb = mysql_fetch_array(mysql_query("SELECT inbox FROM ibwf_users WHERE id='".$uid."'"));
if($inb[0]!=""){
$place = str_replace("-","&",$inb[0]);
$place = str_replace("**","=",$place);
$place = str_replace("ZE*RO","",$place);
$place = explode("*",$place);
echo "<a href=\"$place[0].php?action=$place[1]\"/>Back to $place[2]</a><br/>";
}
echo getfoot($sid,$folder);
exit();
}
///////////////////////////////////////////////////
else if($action=="newf")
{
addonline(getuid_sid($sid),"Creating Folder","");
echo "<div><br/>Create Folder<br/></div>";
echo "<p align=\"center\">";
$nof = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM inbox_folders WHERE uid='".$uid."'"));
if($nof[0]<11){
$fname = mysql_real_escape_string($_POST["fname"]);
$type = mysql_real_escape_string($_POST["type"]);
$uid = getuid_sid($sid);
$reg = mysql_query("INSERT INTO inbox_folders SET uid='".$uid."', name='".$fname."', pic='".$type."'");
if($reg)
{
echo "<img src=\"images/ok.gif\" alt=\"O\"/>Folder Created Successfully<br/><br/>";
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Error Creating Folder<br/><br/>";
}
}else{
echo "You Already Have 10 folders!<br/>";
}
echo "<a href=\"inbox.php?action=main\">Back to Inbox</a><br/>";
$inb = mysql_fetch_array(mysql_query("SELECT inbox FROM ibwf_users WHERE id='".$uid."'"));
if($inb[0]!=""){
$place = str_replace("-","&",$inb[0]);
$place = str_replace("**","=",$place);
$place = str_replace("ZE*RO","",$place);
$place = explode("*",$place);
echo "<a href=\"$place[0].php?action=$place[1]\"/>Back to $place[2]</a><br/>";
}
echo getfoot($sid,$folder);
exit();
}
///////////////////////////////////////////delete bookmark
else if($action=="delbm")
{
addonline(getuid_sid($sid),"Deleting Bookmark","");
echo "<div><br/>Delete Bookmark<br/></div>";
echo "<p align=\"center\">";
$bid = $_GET["bid"];
$sure = $_GET["sure"];
$bookmark = mysql_fetch_array(mysql_query("SELECT uid FROM ibwf_bookmarks WHERE id='".$bid."'"));
$uid = getuid_sid($sid);
if($bookmark[0]==$uid){
if($sure==""){
echo "Are You Sure You Want To Delete This Bookmark?<br/>";
echo "<a href=\"inbxproc.php?action=delbm&bid=$bid&sure=1\">Yes</a><br/>";
echo "<a href=\"inbox.php?action=bookmarks\">No</a><br/>";
}else{
$res = mysql_query("DELETE FROM ibwf_bookmarks WHERE id='".$bid."'");
if($res)
{
echo "<img src=\"images/ok.gif\" alt=\"O\"/>Bookmark Deleted Successfully<br/><br/>";
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>Error Deleting Bookmark!<br/><br/>";
}
}
}else{
echo "<img src=\"images/notok.gif\" alt=\"X\"/>This Bookmark Does Not Belong To You!<br/><br/>";
}
echo "<br/><br/>";
echo "<a href=\"inbox.php?action=bookmarks\">Back To Bookmarks</a><br/>";
echo "<a href=\"inbox.php?action=main\">Back to Inbox</a><br/>";
$inb = mysql_fetch_array(mysql_query("SELECT inbox FROM ibwf_users WHERE id='".$uid."'"));
if($inb[0]!=""){
$place = str_replace("-","&",$inb[0]);
$place = str_replace("**","=",$place);
$place = str_replace("ZE*RO","",$place);
$place = explode("*",$place);
echo "<a href=\"$place[0].php?action=$place[1]\"/>Back to $place[2]</a><br/>";
}
echo getfoot($sid,$folder);
exit();
}
//////////////////////////////////////////////
else{
addonline(getuid_sid($sid),"Lost in inbox lol","");
echo "<div><br/>Doh!<br/></div>";
echo "<p align=\"center\">";
echo "I don't know how you got in here, but there's nothing to show<br/><br/>";
echo getfoot($sid,$folder);
exit();
}
?>